
In AWS I created a DocumentDB cluster. I am using the same Java program as here, with just the necessary changes for the connection string. Here I am not able to connect. Here is the error message:

Feb 06, 2021 9:56:36 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Cluster created with settings {hosts=[price-manager-prod-new-docdb-clsuter.cluster-cduzobvhwuhh.us-east-1.docdb.amazonaws.com:27017], mode=MULTIPLE, requiredClusterType=REPLICA_SET, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500, requiredReplicaSetName='rs0'}
Feb 06, 2021 9:56:36 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Adding discovered server price-manager-prod-new-docdb-clsuter.cluster-cduzobvhwuhh.us-east-1.docdb.amazonaws.com:27017 to client view of cluster
Feb 06, 2021 9:56:36 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: No server chosen by com.mongodb.client.internal.MongoClientDelegate$1@5890e879 from cluster description ClusterDescription{type=REPLICA_SET, connectionMode=MULTIPLE, serverDescriptions=[ServerDescription{address=price-manager-prod-new-docdb-clsuter.cluster-cduzobvhwuhh.us-east-1.docdb.amazonaws.com:27017, type=UNKNOWN, state=CONNECTING}]}. Waiting for 30000 ms before timing out
Feb 06, 2021 9:56:56 PM com.mongodb.diagnostics.logging.JULLogger log
INFO: Exception in monitor thread while connecting to server price-manager-prod-new-docdb-clsuter.cluster-cduzobvhwuhh.us-east-1.docdb.amazonaws.com:27017
com.mongodb.MongoSocketOpenException: Exception opening socket
    at com.mongodb.internal.connection.SocketStream.open(SocketStream.java:70)
    at com.mongodb.internal.connection.InternalStreamConnection.open(InternalStreamConnection.java:128)
    at com.mongodb.internal.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:117)

Amazon asked me to use the following connection string: mongodb://docdbnewbie:@price-manager-prod-new-docdb-clsuter.cluster-cduzobvhwuhh.us-east-1.docdb.amazonaws.com:27017/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false

In the program, in the connection string, I have not used ssl_ca_certs=rds-combined-ca-bundle.pem. The pem file I imported into the keystore. When creating the cluster it asked for a master username and password. I just used docdbnewbie as the username and some made-up password. Do I have to create a user beforehand and give it a relevant policy beforehand?

Update: I have been able to establish connectivity between the Java client and the AWS-hosted DocumentDB. But my Java program is also in an EC2 instance (I used Cloud9). If anybody can throw light on whether such connectivity can be established when the client is outside the VPC, that will be of great help.

  • Have you checked reachability of the DB from the host/lambda? Commented Feb 6, 2021 at 18:05
  • @amitd, you mean from inside AWS? i.e. say from Cloud9 - I have not tried that. Does it mean DocumentDB is only accessible from inside AWS? Not from outside? Commented Feb 6, 2021 at 23:43
  • If the client and server are not inside the same VPC then you can still establish the connectivity. It usually boils down to ensuring that the client has a route to reach the server. I don't know the exact steps but the VPC documentation on AWS has steps on opening access to a server in a VPC from outside. Commented Feb 7, 2021 at 2:58

1 Answer

If you look at the shared documentation, under the section Connecting to an Amazon DocumentDB Cluster from Outside an Amazon VPC, it clearly says that you need to set up an SSH tunnel via an EC2 instance running inside the DocumentDB's VPC. Precisely,

To create an SSH tunnel, you need an Amazon EC2 instance running in the same Amazon VPC as your Amazon DocumentDB cluster. You can either use an existing EC2 instance in the same VPC as your cluster or create one.

The guide shows that you forward port 27017 (the default port for MongoDB) using the following command.

ssh -i "ec2Access.pem" -L 27017:sample-cluster.node.us-east-1.docdb.amazonaws.com:27017 [email protected] -N

Once you have the tunnelling set up, you'll use localhost:27017 as your DocumentDB endpoint instead of the custom DNS name price-manager-prod-new-docdb-clsuter.cluster-cduzobvhwuhh.us-east-1.docdb.amazonaws.com:27017. This DNS name is not publicly available and is resolvable only from within your VPC. This is the reason why the same program works when it is running on an EC2 instance inside the VPC.

If you don't want to use localhost, there should be a way to configure the desired endpoint in the SSH tunnelling command, you can look into it.
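As an added example (not the asker's program and not the answerer's code), here is the Java client side of the tunnel approach above, written against the MongoDB Java driver 4.2+ (mongodb-driver-sync). It assumes the ssh -L forward from the answer is already running, that the rds-combined-ca-bundle.pem certificates were imported into a JKS truststore as the asker describes, and that the truststore path/password and the master username/password are supplied through environment variables whose names (DOCDB_*) are this example's own choice. Two things differ from the console connection string once you go through a tunnel: replicaSet=rs0 has to go, because the driver would otherwise read the replica-set configuration and try to reach the members by their private VPC hostnames (which reproduces the "No server chosen" timeout in the question), and the certificate hostname check has to be relaxed for "localhost" while CA validation stays on.

```java
import com.mongodb.MongoClientSettings;
import com.mongodb.MongoCredential;
import com.mongodb.ServerAddress;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import com.mongodb.connection.ClusterConnectionMode;
import org.bson.Document;

import java.util.Collections;

/**
 * Added example: connect to DocumentDB through the SSH tunnel from the answer,
 * i.e. with something like this already running in another terminal
 * (bastion address and key name are placeholders, not values from the page):
 *
 *   ssh -i ec2Access.pem -L 27017:<cluster-endpoint>:27017 ec2-user@<bastion-public-ip> -N
 *
 * Assumes MongoDB Java driver 4.2+ and a JKS truststore built from
 * rds-combined-ca-bundle.pem (keytool -importcert ...).
 */
public class DocDbTunnelClient {

    /** Read a required setting from the environment; fail loudly instead of silently passing null. */
    static String env(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + name);
        }
        return value;
    }

    /** Build client settings for one host reached through a local port forward. */
    static MongoClientSettings tunnelSettings(String user, String password,
                                              String localHost, int localPort) {
        // The master username/password chosen when the cluster was created are
        // DocumentDB database credentials authenticated against "admin"; they are
        // not an IAM user and need no IAM policy. Using MongoCredential instead of
        // embedding them in the URI also avoids URL-encoding special characters.
        MongoCredential credential =
                MongoCredential.createCredential(user, "admin", password.toCharArray());

        return MongoClientSettings.builder()
                .credential(credential)
                // SINGLE mode: talk only to the forwarded port and do not try to
                // discover the other replica-set members by their VPC-only hostnames.
                .applyToClusterSettings(b -> b
                        .hosts(Collections.singletonList(new ServerAddress(localHost, localPort)))
                        .mode(ClusterConnectionMode.SINGLE))
                // TLS stays on and the server certificate is still chained to the RDS
                // CA in the truststore. invalidHostNameAllowed(true) is required only
                // because the certificate is for *.docdb.amazonaws.com while the socket
                // is "localhost"; do not widen this to tlsInsecure or an empty truststore.
                .applyToSslSettings(b -> b
                        .enabled(true)
                        .invalidHostNameAllowed(true))
                // DocumentDB does not support retryable writes (matches retryWrites=false).
                .retryWrites(false)
                .build();
    }

    public static void main(String[] args) {
        // Point the JVM at the truststore that holds the RDS CA bundle.
        System.setProperty("javax.net.ssl.trustStore", env("DOCDB_TRUSTSTORE"));
        System.setProperty("javax.net.ssl.trustStorePassword", env("DOCDB_TRUSTSTORE_PASSWORD"));

        MongoClientSettings settings = tunnelSettings(
                env("DOCDB_USER"), env("DOCDB_PASSWORD"), "localhost", 27017);

        try (MongoClient client = MongoClients.create(settings)) {
            // A ping exercises the tunnel, TLS handshake and authentication end to end
            // without reading or writing any collection data.
            Document reply = client.getDatabase("admin").runCommand(new Document("ping", 1));
            System.out.println("DocumentDB reachable through tunnel: " + reply.toJson());
        }
    }
}
```

If the ping still fails with a socket-open exception, the tunnel itself is the thing to check first (is ssh still running, and does the bastion's security group allow it to reach the cluster's security group on 27017); if it fails with an SSL handshake error, the truststore does not contain the RDS CA; if it fails with an authentication error, the master username/password are wrong rather than any IAM setting.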
